Identity

You are currently browsing the archive for the Identity category.

Not want.

Need.

If a site has one of these…

social-signin

… what is the least information they need from the user?

Seems to me that “social” login buttons like these are meant for the convenience of the user. But too often liberties are taken with them.

For example, here is what one company says in its terms & conditions:

Certain functionality may enable you to log-in using Facebook Connect, a Facebook, Inc. application, which is intended to provide interconnectivity between the Services and your Facebook.com profile. By using the Connect feature, you permit us to access your facebook.com profile, including without limitation,  information about you, your friends and privacy settings. When you use the Connect feature, you also agree to allow Facebook, Inc. to use information about your activities on our site and to access your facebook.com cookies.

This is an otherwise respectful (and respectable) company, which is why I’m not naming them here. They are also a retailer, and not supported by advertising. Nor is their offering “social” in the “social media” sense.

And, while the company might want Facebook profile stuff to better understand their customers, do they need it?

In answering the question, What do fully respectful sites need from social login?, it helps to ask another question: What does the individual need from that button, other than to log in with one click?

I’m asking these questions because this button here…

respect-connect-button

… needs definition of what respectful login is.

As I said in Time for Digital Emancipation, the definition (via the Respect Trust Framework) is that the user and the site respect each other’s boundaries. So we need to say what those boundaries are, or what they might be under different conditions. But a good place to start is by asking what the bare minimum needs of a site are.

So, what are they?

Civilization is a draft. Provisional. Scaffolded. Under construction. For example:

DEC. OF INDEP. 1

That’s Thomas Jefferson‘s rough draft of the Declaration of Independence. The Declaration hasn’t changed since July 4, 1776, but the Constitution built on it has been amended thirty-three times, so far. The thirteenth of those abolished slavery, at the close of the Civil War, seventy-seven years after the Constitution was ratified.

Today we are in another struggle for equality, this time on the Net. As Brian Grimmer put it to me, “Digital emancipation is the struggle of the century.”

There is an ironic distance between those first two words: digital and emancipation. The digital world by itself is free. Its boundaries are those of binary math: ones and zeroes. Connecting that world is a network designed to put no restrictions on personal (or any) power, while reducing nearly to zero the functional distance between everybody and everything. Costs too. Meanwhile, most of what we experience on the Net takes place on the World Wide Web, which is not the Net but a layer on top of it. The Web is built on architectural framework called client-server. Within that framework, browsers are clients, and sites are servers. So the relationship looks like this:

calf-cow

In other words, client-server is calf-cow. (I was once told that “client-server” was chosen because “it sounded better than ‘slave-master.’” If anyone has the facts on that, let us know.)

Bruce Schneier gives us another metapor for this asymmetry:

It’s a feudal world out there.

Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.

These vendors are becoming our feudal lords, and we are becoming their vassals.

It’s handy being a vassal. For example, you get to use these shortcuts into websites that require logins:

social-signin

To see how much personal data you risk spilling when you click on the Facebook one, visit iSharedWhat (by Joe Andrieu) for a test run. That spilled data can be used in many ways, including surveillance. The Direct Marketing Association tells us the purpose of surveillance is to give you a better “internet experience” through “interest-based advertising—ads that are intended for you, based on what you do online.” The DMA also provides tools for you to manage experiences of what they call “your ads,” by clicking on this tiny image here:

adchoicesbutton

It appears in the corners of ads from companies in the DMA’s AdChoice program. Here is one:

scottrade

The “AdChoices” text appears when you mouse over the icon. When I click on it, I get this:

scottradepopdown

Like most companies’ privacy policies, Scottrade’s says this: “Scottrade reserves the right to make changes to this Online Privacy Policy at any time.” But never mind that. Instead look at the links that follow. One of those leads to Opt Out From Behavioral Advertising By Participating Companies (BETA). There you can selectively opt out of advertising by dozens of companies. (There are hundreds of those, however. Most don’t allow opting out.)

I suppose that’s kind of them; but for you and me it’s a lot easier just to block all ads and tracking on our own, with a browser extension or add-on. This is why Adblock Plus tops Firefox’s browser add-ons list, which includes many other similar products as well. (The latest is Privacy Badger, from the EFF, which Don Marti visits here.)

Good as they are, ad and tracking blockers are still just prophylactics. They make captivity more bearable, but they don’t emancipate us. For that we need are first person technologies: ways to engage as equals on the open Net, including the feudal Web.

One way to start is by agreeing about how we respect each other. The Respect Trust Framework, for example, is a constitution of sorts, “designed to be self-reinforcing through use of a peer-to-peer reputation system.” Every person and company agreeing to the framework is a peer. Here are the five principles to which all members agree:

Promise We will respect each other’s digital boundaries

Every Member promises to respect the right of every other Member to control the Member Information they share within the network and the communications they receive within the network.

Permission We will negotiate with each other in good faith

As part of this promise, every Member agrees that all sharing of Member Information and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.

Protection We will protect the identity and data entrusted to us

As part of this promise, every Member agrees to provide reasonable protection for the privacy and security of Member Information shared with that Member.

Portability We will support other Members’ freedom of movement

As part of this promise, every Member agrees that if it hosts Member Information on behalf of another Member, the right to possess, access, control, and share the hosted information, including the right to move it to another host, belongs to the hosted Member.

Proof We will reasonably cooperate for the good of all Members

As part of this promise, every Member agrees to share the reputation metadata necessary for the health of the network, including feedback about compliance with this trust framework, and to not engage in any practices intended to game or subvert the reputation system.

The Respect Network has gathered several dozen founding partners in a common effort to leverage the Respect Trust Framework into common use, and within it a market for VRM and services that help out. I’m involved with two of those partners: The Searls Group (my own consultancy, for which Respect Network is a client) and Customer Commons (in which I am a board member).

This summer Respect Network launched a crowd-funding campaign to get this new social login button rolling:

respect-connect-button

It’s called the Respect Connect button, and it embodies all the principles above; but especially the first one: We will respect each others’ digital boundaries. This makes itthe first safe social login button.

Think of the Respect Connect button project as a barn raising. There are lots of planks (and skills) you can bring, but the main ones will be your =names (“equals names”). These are sovereign identifiers you own and manage for yourself — unlike, say, your Twitter @ handle, which Twitter owns. (Organizations — companies, associations, governments — have +names and things have *names.)

Mine is =Doc.

Selling =names are CSPs: Cloud Service Providers. There are five so far (based, respectively, in Las Vegas, Vienna, London, New York/Jerusalem and Perth):

bosonweb-logo danube_clouds-logo paoga-logo emmett_global-logo onexus-logo

Here’s a key feature: they are substituable. You can port your =name from one to the other as easily as you port your phone number from one company to another. (In fact the company that does this in the background for both your =name and your phone number is Neustar, another Respect Network partner.)

You can also self-host your own personal cloud.

I just got back from a world tour of places where much scaffolding work is going up around this and many other ways customers and companies can respect each other and grow markets. I’ll be reporting more on all of it in coming posts. Meanwhile, enjoy some photos.

 

So I just got this email from Pandora:

This is an #AAF: an Automated Assumption Fail. I love music, and Pandora; but what Pandora’s telling me here doesn’t square with my experience of using it. I mean, what is “that Lorde song”? Who are are the Royals? Maybe I do like them, but I don’t recognize them at the moment.

The reason these are mysteries to me is that I’m not the only person using my Pandora account. Listening to my Pandora songs happens on many devices in many places. And, while I’m the one doing most (but not all) of the listening on my many browsers, computers and hand-held devices, in our house I’m just one listener among many indulging our Sonos system. Those others include  house guests at our parties and other gatherings, plus our teenage son. I would love to show you the wackily eclectic list of “my” Pandora channels, but I can’t, because I’m in Spain, where Pandora is blocked. When I go to Pandora.com, I get redirected to http://www.pandora.com/restricted, where (for me, at the moment) it says this:

Dear Pandora Visitor,

We are deeply, deeply sorry to say that due to licensing constraints, we can no longer allow access to Pandora for listeners located outside of the U.S., Australia and New Zealand. We will continue to work diligently to realize the vision of a truly global Pandora, but for the time being we are required to restrict its use. We are very sad to have to do this, but there is no other alternative.

We believe that you are in Spain [snip]. If you believe we have made a mistake, we apologize and ask that you please email us.

If you have been using Pandora, we will keep a record of your existing stations and bookmarked artists and songs, so that when we are able to launch in your country, they will be waiting for you.

We will be notifying listeners as licensing agreements are established in individual countries. If you would like to be notified by email when Pandora is available in your country, please enter your email address below. The pace of global licensing is hard to predict, but we have the ultimate goal of being able to offer our service everywhere.

We share your disappointment and greatly appreciate your understanding.

Sincerely,

Tim Westergen

Tim Westergren
Founder

Enter your email address and we will let you know when Pandora is available in your country:

I should pause here to say that I love what Tim has done with Pandora. I’ve been a fan and a follower of Pandora since its beginning, and I enjoyed the privilege of introducing Tim when he spoke at a Berkman Center gathering a few years back. I also believe there are a great many things Pandora is doing right, or it wouldn’t be so successful. (And it is a huge success.)

But one thing it’s doing wrong here, or at least poorly, is assuming two things here that are not the case. One is that I’m at home in Spain, when in fact I’m a traveling American. The other is that those 130 thumbs were all mine.In fact I don’t do the thumbs-up/down thing very much, usually because Pandora assumes that I don’t like the tune in question — when in fact I usually don’t want to hear that very tune at that very time. Also, I don’t like being told that I won’t hear that tune again for another month, or whatever it is that Pandora says… I’m not in a position to check right now.)

I also assume that there is a lot of #AAF in the absurd and counterproductive licensing restraints Tim talks about in his letter to blocked visitors. Really, it’s crazy that I can listen to all the music on SiriusXM, Apple’s iTunes, websites and countless mobile apps — including TuneIn, AOL, Public Radio Player, Stitcher, rdio, iheartradio, and Wunderadio — while Pandora is blocked. Why would Spain pick on Pandora and not the rest of them? Just because it’s popular? I dunno.

And, speaking of #AAF, when I go to Google to do research, its robot brain assumes I’m Spanish, even when I’m logged in to Google as my 100% American self. When I check less fancy and presumptuous search engines, such as DuckDuckGo and StartPage, I still have to do too much digging, because the engines assume I’m searching for something other than the question of why Spain blocks Pandora. So I’ll leave it up to the rest of you (or the fullness of time) to complete that work.

Let’s be clear: #AAF is not the fault of Pandora, Google or any other outfit needing to scale its dealings with many different people. It’s the fault of the industrial model that has been defaulted ever since industry won the Industrial Revolution and mass manufacture and marketing was required for scale.

It is also unavoidable in an all-silo marketplace, which is what the Web, with its calf-cow architecture, has become. In this architecture, every outfit maintains its own relationship silo, each of which bears the full burden of dealing with thousands or millions of different human beings in scalable templated ways. This problem cannot be solved by #YAS — Yet Another Silo — of any kind.

The only cure for #AAF is independent personal control of relationships. This is what #VRMVendor Relationship Management — is about. Maybe somebody here (or some combination there) is working on it. Whether they are or not, it’s inevitable, for three reasons:

  1. We are all different, even if we are easily templated by others. This absolute individuation is a base-level human condition.
  2. We live in a fully networked world, in which each of us is our own node.
  3. The only way we can truly relate, as complete and independent human beings, with full agency, is from our own silos, within which reside the means to relate directly with every other entity we engage. Think about it: our bodies are silos.

That #3 point is the development challenge for the 21st century. The tech sector has been working since 1995 on empowering the vendor side of the marketplace, helping companies, sites and services get their own scale, every one of them with its own silo — together compounding inconvenience won the personal side. Thus every “solution” on the vendor side complicates the problem.

This is a problem that can only be addressed on the individual side. Personal computing and networking create the base conditions for solving the problem, but we need more. We need universal engagement tools for individuals. That category is a $0 trillion greenfield that’s wide open and ready for exploiting, right now.

Look at it this way. We got personal computing in the 80s, personal networking in the 90s, and both together in hand-held form in the ’00s. Now it’s time for personal clouds. (And if not that, something like it.)

Remember: personal computing was an oxymoron before it took off in the ’80s. Networking was entirely an organizational grace before the Internet came along. Likewise with clouds. Right now almost the entire cloud conversation is corporate: B2B. So is the “big data” conversation. Today’s prevailing jive about both are sure signs that they’ll become just as personal as computing and networking.

When clouds do become personal, they will also be private. By that I mean we will control our own private places, spaces, relationships and interactivity in the networked world. (Those will also be programmable, e.g. with KRL.) Once we have personal clouds, based on standards that work for all of us, we will be able to relate in our own ways with everybody and everything else.

Imagine, for example, being able to actually know a company, and have them know you. That way, when you show up as yourself (and there can be no doubt it’s you), you won’t need logins and passwords. (Remember, those are record-keeping namespace burdens on the organizational side today, and huge pains in the ass for those organizations — as well as for you and me.)

Think about being able to change your address or surname for every entity you relate with, in one move. This is only possible if you are a free and autonomous actor in the world, operating with full agency, and not just as a separate administrated entity in hundreds of different organizations’ databases. Your identity (and your ability to identify yourselves and to interact with others) will be sovereign in the sense of having independent authority. (Yes, you will always also be social. But not just as an administrated identity within corporate silos such as Facebook’s and Twitter’s.)

I believe it’s exactly in this direction that Fred Wilson was headed in his talk at Le Web (which I visited a few days ago), and where Bruce Schneier, Eben Moglen (separately and together) and other freedom-lovers are also headed as well.

It is toward that long vector that I bring up #AAF as a problem. Meanwhile, let’s not burden the Pandoras and Googles of the world with solving it. They can’t. We can only solve it for ourselves — and then, as a consequence, for them.

Finally, thanks to @TimWestergren and @Pandora for providing modest evidence of a problem for all of us — and a path toward solving it.

 

Cities aren’t simple, especially mature ones. They are deep and complicated places that require equally deep attention to appreciate fully.  That’s what I get from Stephen Lewis‘ insights about the particulars of present and past urban scenes and characters in Sofia, New York, Istanbul and other cities he knows well. His latest post, titled  The Women’s Market, Sofia, Bulgaria: The Endurance of the 19th Century, Layers of Unwarranted Blame, and the Virtues of Slow Lenses, goes even deeper than most — accompanied, as always, by first-rate photography that speaks far more than words in any sum can tell. A sample passage:

The endurance of the 19th century

In a lifetime of working in and observing cities throughout the world, I’ve noticed that late-nineteenth century neighborhoods are amongst the last to be regenerated.  This is due in part to the resilient endurance of their economic and social functions throughout the twentieth century and into the early-twenty-first.  In such neighborhoods, cheap rents and high vacancy rates in storefront occupancy enable the provision of inexpensive goods to those whose budgets constrict their choices.  The same interstice of factors offers opportunities for marginal entrepreneurship and a shot at mobility to those who might otherwise fall outside of the economy.  The low profit-margins inherent to such entrepreneurship, however, can make for dubious goods and equally dubious practices.  Thus, shopping in the Women’s Market calls for a taste for sharp-tongued banter and a quick eye ever on the lookout for rigged scales and for good looking produce on display but underweight and damaged goods placed in one’s shopping bag.  Still, where else can one buy, for example, persimmons or grapes, albeit on the last legs of their shelf-lives, for a third of the price of elsewhere and serviceable tomatoes for even less?

To live is to change — and eventually to die. Yet cities are comprised of many lives. They are always an us and never just a me, even if we don’t get along. Who we are changes as well, and that too is a subject of Steve’s attention. For example:

Layers of unwarranted blame

There is a fine ethnic division of work and functions at the Women’s Market.  Meat, cheese, and fish  kiosks, and stands offering wild herbs and mushrooms, are run by Bulgarians. Fruit and vegetable stands and peripatetic bootleg cigarette operations are run by Roma (Gypsies).  Storefronts in adjacent streets include honey and bee keeping supply stores run by Bulgarians and rows of “Arab” shops — halal butchers, spice stores, barbers, and low-cost international telephone services — run by and catering to increasing numbers of legal and illegal immigrants from Syria, Iraq, Palestine, Turkey, Central Asia, and Afghanistan. Many Bulgarians, their weak self esteem shakily bolstered by contempt for “others,” blame the shoddier commercial practices of this wonderfully vibrant marginal neighborhood on the presence and “inferiority” of such outsiders.

Blaming others may be among our most human of tendencies. I have often thought that the human diaspora, wandering out of Africa and across oceans and forbidding landscapes, was caused by disaffection between tribes — the dislike, subjugation or dehumanizing of others, and the construction of specious narratives that rationalize a simple urge to blame. In known history there have been countless migrations, some for opportunistic reasons, but many more simply to escape misery. (Or, in the case of slavery, in states of misery dismissed by traders who regarded their captives as mere property.)

Yet cities, perhaps alone among human institutions, invite and thrive on human diversity. What hope I have for our species I get more from living in cities than from being anywhere else, no matter how pleasant. Steve’s photos and essays don’t always give me more hope, but they always give me more understanding, which is the better deal.

Bonus postings:

 

Who are you?

What are you?

If the answers come from you, they speak of your sovereign identity: that which is yours and you control.

If the answers come from your employer, your doctor, the Department of Motor Vehicles, Apple, Facebook, Google or Twitter, they speak of your administrative identity: that which is theirs and they control.

For as long as we’ve had identifiers in computer and network system namespaces, we have been talking about administrative identities, not sovereign ones.

All administrative identities are silo’d: isolated inside systems and their namespaces. The Internet, which cyber-utopians (me included) cheer for its decentralized peer-to-peer and end-to-end architectural graces, has become a vast forest of centralized systems, each a silo. This Great Silo Forest is a hall of administrative mirrors. Your reflection in each is not you, but an administrative version of you.

Want a sense of how bad this is? Go into your browser prefs and hunt down the place where your logins and passwords are kept. Every one of those login/password combinations is for a different you, that each different system knows separately, owns separately and controls separately.

Multiple silos can “federate” identifiers for their convenience, and sometimes that’s cool. But the problem that falls on you — coping with countless different administrative silos — is not relieved by administrative federation, because it’s an administrative solution for an administrative problem. Not a solution for you.

See, the main problem with administrative identity is centralization. And every centralized approach to the problem of centralization causes more centralization and worsens the problem.

Even “user-centric” identity (with its “identity providers” and “relying parties”) are framed in administrative terms. They do not start with the sovereign individual, and are  not driven by that individual.

Even the term “user” implies something less than sovereign control.

What we need ares personal systems for managing our sovereign identities, and for doing our own federation to the administrative systems of the world.

Devon Loffreto has done the most thinking-out-loud about this issue. A compendium of posts:

All this is right up the alleys of IIW — the Internet Identity Workshop, which is coming up next week. And this is the first in what I hope will be a series of posts that will provoke conversation and forward movement at IIW.